mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

Merge branch 'master' of https://github.com/love-code-yeyixiao/Sandboxie

This commit is contained in:
love-code-yeyixiao 2024-04-19 22:41:46 +08:00
parent 03a59bb417 e3bc36d70d
commit 1dd3e35dff
36 changed files with 8898 additions and 8463 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/codespell.yml vendored
View File

@ -125,5 +125,5 @@ jobs:
echo 'tailing->trailing' >> dictionary_code.txt
# Only lowercase letters are allowed in --ignore-words-list
codespell --dictionary=dictionary.txt --dictionary=dictionary_rare.txt --dictionary=dictionary_code.txt \
--ignore-words-list="wil,unknwn,tolen,pevent,doubleclick,parm,parms,etcp,ois,ba,ptd,modell,namesd,stdio,uint,errorstring,ontext,atend,deque,ecounter,nmake,namess,inh,daa,varient,lite,uis,emai,ws,slanguage,woh,tne,typpos,enew,shft,seh,ser,servent,socio-economic" \
--ignore-words-list="wil,unknwn,tolen,pevent,doubleclick,parm,parms,etcp,ois,ba,ptd,modell,namesd,stdio,uint,errorstring,ontext,atend,deque,ecounter,nmake,namess,inh,daa,varient,lite,uis,emai,ws,slanguage,woh,tne,typpos,enew,shft,seh,ser,servent,socio-economic,rime" \
--skip="./.git,./.github/workflows/codespell.yml,./dictionary*.txt,./Sandboxie/msgs/Text-*-*.txt,./Sandboxie/msgs/report/Report-*.txt,./SandboxiePlus/SandMan/*.ts,./Installer/Languages.iss,./Installer/isl/*.isl,./Sandboxie/common/Detours/Makefile,./Sandboxie/common/Detours/disasm.cpp,./Sandboxie/install/build.bat,./SandboxieTools/ImBox/dc/crypto_fast/xts_fast.c,./Sandboxie/apps/control/TreePropSheet.h,./Sandboxie/apps/control/PropPageFrame.h,./Sandboxie/apps/control/PropPageFrameDefault.h,./SandboxiePlus/SandMan/Troubleshooting/lang_*.json"

10
CHANGELOG.md
View File

@ -10,11 +10,21 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.13.6 / 5.68.6] - 2024-04-
### Added
- added "BlockInterferenceControl=y" option to prevent sandboxed processes from forcing windows on top and moving the mounse pointer (thanks Yeyixiao)
- Note: this option may cause issues in games hence do not enable it for gaming boxes.
- added support for hardlinks [#3826](https://github.com/sandboxie-plus/Sandboxie/issues/3826)
- added mechanism to terminate stuck sandboxed processes from the driver
### Changed
- improved Avast template [#3777](https://github.com/sandboxie-plus/Sandboxie/pull/3777)
### Fixed
- fixed When I change the BlockDNS and BlockPorts options, the Apply button is not activated [#3807](https://github.com/sandboxie-plus/Sandboxie/issues/3807)
- fixed troubleshooting wizard broke with new qt [#3810](https://github.com/sandboxie-plus/Sandboxie/discussions/3810)
- fixed Settings dialog now showing the right ram disk letter
- fixed issues with updater broke with new qt due to missing SSL support [3810](https://github.com/sandboxie-plus/Sandboxie/discussions/3810)
- fixed Enabling "DropAdminRights/FakeAdminRights" adds "BlockInterferePower and ForceProtectionOnMount" to the INI [#3825](https://github.com/sandboxie-plus/Sandboxie/issues/3825)

33
Sandboxie/common/win32_ntddk.h
View File

@ -458,8 +458,8 @@ typedef enum _FILE_INFORMATION_CLASS {
FileNumaNodeInformation, // 53
FileStandardLinkInformation, // 54
FileRemoteProtocolInformation, // 55
FileRenameInformationBypassAccessCheck, // 56
FileLinkInformationBypassAccessCheck, // 57
FileRenameInformationBypassAccessCheck, // 56 - kernel mode only
FileLinkInformationBypassAccessCheck, // 57 - kernel mode only
FileVolumeNameInformation, // 58
FileIdInformation, // 59
FileIdExtdDirectoryInformation, // 60
@ -467,8 +467,18 @@ typedef enum _FILE_INFORMATION_CLASS {
FileHardLinkFullIdInformation,
FileIdExtdBothDirectoryInformation,
FileDispositionInformationEx,
FileRenameInformationEx, // 65
FileRenameInformationExBypassAccessCheck,
FileRenameInformationEx, // 65
FileRenameInformationExBypassAccessCheck, // 66 - kernel mode only
FileDesiredStorageClassInformation, // 67
FileStatInformation, // 68
FileMemoryPartitionInformation, // 69
FileStatLxInformation, // 70
FileCaseSensitiveInformation, // 71
FileLinkInformationEx, // 72
FileLinkInformationExBypassAccessCheck, // 73 - kernel mode only
FileStorageReserveIdInformation, // 74
FileCaseSensitiveInformationForceAccessCheck, // 75
FileMaximumInformation
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
@ -698,6 +708,21 @@ typedef struct _FILE_ALL_INFORMATION {
FILE_NAME_INFORMATION NameInformation;
} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
// FileLinkInformation
typedef struct _FILE_LINK_INFORMATION {
#if (_WIN32_WINNT >= _WIN32_WINNT_WIN10_RS5)
union {
BOOLEAN ReplaceIfExists; // FileLinkInformation
ULONG Flags; // FileLinkInformationEx
} DUMMYUNIONNAME;
#else
BOOLEAN ReplaceIfExists;
#endif
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
__declspec(dllimport) NTSTATUS __stdcall
NtCreateFile(
OUT PHANDLE FileHandle,

180
Sandboxie/core/dll/file.c
View File

@ -263,7 +263,7 @@ static NTSTATUS File_NtDeleteFile(OBJECT_ATTRIBUTES *ObjectAttributes);
static NTSTATUS File_NtDeleteFileImpl(OBJECT_ATTRIBUTES *ObjectAttributes);
static NTSTATUS File_RenameFile(
HANDLE FileHandle, FILE_RENAME_INFORMATION *info);
HANDLE FileHandle, void *info, BOOLEAN LinkOp);
static BOOLEAN File_RecordRecover(HANDLE FileHandle, const WCHAR *TruePath);
@ -6041,7 +6041,7 @@ _FX NTSTATUS File_NtSetInformationFile(
} else if ( FileInformationClass == FileRenameInformation ||
FileInformationClass == FileRenameInformationEx ) {
status = File_RenameFile(FileHandle, FileInformation);
status = File_RenameFile(FileHandle, FileInformation, FALSE);
//
// pipe state request on a proxy pipe
@ -6058,6 +6058,41 @@ _FX NTSTATUS File_NtSetInformationFile(
status = File_SetProxyPipe(
FileHandle, IoStatusBlock,
FileInformation, Length, FileInformationClass);
//
// link request
//
} else if ( FileInformationClass == FileLinkInformation ||
FileInformationClass == FileLinkInformationEx ||
FileInformationClass == FileHardLinkInformation ||
FileInformationClass == FileHardLinkFullIdInformation) {
if (FileInformationClass == FileLinkInformation ||
FileInformationClass == FileLinkInformationEx) {
status = File_RenameFile(FileHandle, FileInformation, TRUE);
}
else // todo
{
FillIoStatusBlock = FALSE;
status = __sys_NtSetInformationFile(
FileHandle, IoStatusBlock,
FileInformation, Length, FileInformationClass);
}
if (!NT_SUCCESS(status)) {
//
// we don't support hard links in the sandbox, but return
// STATUS_INVALID_DEVICE_REQUEST and hopefully the caller will
// invoke CopyFile instead. dfsvc.exe (ClickOnce) does that.
//
status = STATUS_INVALID_DEVICE_REQUEST;
FillIoStatusBlock = TRUE;
}
//
// any other request
@ -6070,20 +6105,6 @@ _FX NTSTATUS File_NtSetInformationFile(
status = __sys_NtSetInformationFile(
FileHandle, IoStatusBlock,
FileInformation, Length, FileInformationClass);
if ((FileInformationClass == FileLinkInformation ||
FileInformationClass == FileHardLinkFullIdInformation)
&& (! NT_SUCCESS(status))) {
//
// we don't support hard links in the sandbox, but return
// STATUS_INVALID_DEVICE_REQUEST and hopefully the caller will
// invoke CopyFile instead. dfsvc.exe (ClickOnce) does that.
//
status = STATUS_INVALID_DEVICE_REQUEST;
FillIoStatusBlock = TRUE;
}
}
if (FillIoStatusBlock) {
@ -6644,7 +6665,7 @@ _FX LONG File_RenameOpenFile(
_FX NTSTATUS File_RenameFile(
HANDLE FileHandle, FILE_RENAME_INFORMATION *info)
HANDLE FileHandle, void *info, BOOLEAN LinkOp)
{
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
@ -6663,11 +6684,12 @@ _FX NTSTATUS File_RenameFile(
WCHAR *ReparsedPath;
WCHAR save_char;
ULONG info2_len;
FILE_RENAME_INFORMATION *info2;
void *info2;
FILE_NETWORK_OPEN_INFORMATION open_info;
ULONG SourceFlags;
ULONG TargetFlags;
ULONG len;
BOOLEAN ReplaceIfExists;
SourceHandle = NULL;
TargetHandle = NULL;
@ -6783,12 +6805,32 @@ _FX NTSTATUS File_RenameFile(
// overwrite the shared name buffers
//
objname.Length = (USHORT)info->FileNameLength;
objname.MaximumLength = objname.Length;
objname.Buffer = info->FileName;
if (LinkOp) {
status = File_GetName(
info->RootDirectory, &objname, &TruePath, &CopyPath, &TargetFlags);
FILE_LINK_INFORMATION *infoL = info;
objname.Length = (USHORT)infoL->FileNameLength;
objname.MaximumLength = objname.Length;
objname.Buffer = infoL->FileName;
status = File_GetName(
infoL->RootDirectory, &objname, &TruePath, &CopyPath, &TargetFlags);
ReplaceIfExists = infoL->ReplaceIfExists;
} else {
FILE_RENAME_INFORMATION *infoR = info;
objname.Length = (USHORT)infoR->FileNameLength;
objname.MaximumLength = objname.Length;
objname.Buffer = infoR->FileName;
status = File_GetName(
infoR->RootDirectory, &objname, &TruePath, &CopyPath, &TargetFlags);
ReplaceIfExists = infoR->ReplaceIfExists;
}
if (! NT_SUCCESS(status))
__leave;
@ -6825,34 +6867,35 @@ _FX NTSTATUS File_RenameFile(
++TargetFileName;
//
// if the full path name for the target is an open path, we want
// to be able to rename outside the sandbox. however, the parent
// directory in that full path may not be an open path itself.
// invoke the driver to do such a rename on our behalf
//
if(!LinkOp) {
TargetFileName[-1] = L'\0';
//
// if the full path name for the target is an open path, we want
// to be able to rename outside the sandbox. however, the parent
// directory in that full path may not be an open path itself.
// invoke the driver to do such a rename on our behalf
//
ReparsedPath = File_FixPermLinksForMatchPath(TargetTruePath);
if (! ReparsedPath)
ReparsedPath = TargetTruePath;
TargetFileName[-1] = L'\0';
//if (!Dll_CompartmentMode) // NoDriverAssist
status = SbieApi_RenameFile(SourceHandle, ReparsedPath, TargetFileName, info->ReplaceIfExists);
//else
// status = File_RenameOpenFile(SourceHandle, ReparsedPath, TargetFileName, info->ReplaceIfExists);
ReparsedPath = File_FixPermLinksForMatchPath(TargetTruePath);
if (! ReparsedPath)
ReparsedPath = TargetTruePath;
if (ReparsedPath != TargetTruePath)
Dll_Free(ReparsedPath);
status = SbieApi_RenameFile(SourceHandle, ReparsedPath, TargetFileName, ReplaceIfExists);
TargetFileName[-1] = L'\\';
if (ReparsedPath != TargetTruePath)
Dll_Free(ReparsedPath);
if (status != STATUS_BAD_INITIAL_PC) {
TargetFileName[-1] = L'\\';
if (status != STATUS_BAD_INITIAL_PC) {
if (NT_SUCCESS(status))
goto after_rename;
__leave;
}
if (NT_SUCCESS(status))
goto after_rename;
__leave;
}
//
@ -6926,14 +6969,37 @@ _FX NTSTATUS File_RenameFile(
// allocate a new information buffer
//
info2_len = sizeof(FILE_RENAME_INFORMATION)
+ wcslen(TargetFileName) * sizeof(WCHAR);
info2 = Dll_AllocTemp(info2_len);
if (LinkOp) {
info2->ReplaceIfExists = info->ReplaceIfExists;
info2->RootDirectory = TargetHandle;
info2->FileNameLength = wcslen(TargetFileName) * sizeof(WCHAR);
memcpy(info2->FileName, TargetFileName, info2->FileNameLength);
FILE_LINK_INFORMATION *infoL = info;
FILE_LINK_INFORMATION *info2L;
info2_len = sizeof(FILE_LINK_INFORMATION)
+ wcslen(TargetFileName) * sizeof(WCHAR);
info2 = Dll_AllocTemp(info2_len);
info2L = info2;
info2L->ReplaceIfExists = infoL->ReplaceIfExists;
info2L->RootDirectory = TargetHandle;
info2L->FileNameLength = wcslen(TargetFileName) * sizeof(WCHAR);
memcpy(info2L->FileName, TargetFileName, info2L->FileNameLength);
} else {
FILE_RENAME_INFORMATION *infoR = info;
FILE_RENAME_INFORMATION *info2R;
info2_len = sizeof(FILE_RENAME_INFORMATION)
+ wcslen(TargetFileName) * sizeof(WCHAR);
info2 = Dll_AllocTemp(info2_len);
info2R = info2;
info2R->ReplaceIfExists = infoR->ReplaceIfExists;
info2R->RootDirectory = TargetHandle;
info2R->FileNameLength = wcslen(TargetFileName) * sizeof(WCHAR);
memcpy(info2R->FileName, TargetFileName, info2R->FileNameLength);
}
//
// if the source and target paths are the same (in a case
@ -6955,7 +7021,7 @@ _FX NTSTATUS File_RenameFile(
RtlInitUnicodeString(&objname, TargetCopyPath);
if (! info2->ReplaceIfExists) {
if (! ReplaceIfExists) {
//
// if caller did not explicitly ask to replace, but the
@ -6969,7 +7035,9 @@ _FX NTSTATUS File_RenameFile(
if (IS_DELETE_MARK(&open_info.CreationTime)) { // !File_Delete_v2 &&
info2->ReplaceIfExists = TRUE;
ReplaceIfExists = TRUE;
if (LinkOp) ((FILE_LINK_INFORMATION*)info2)->ReplaceIfExists = TRUE;
else ((FILE_RENAME_INFORMATION*)info2)->ReplaceIfExists = TRUE;
} else {
status = STATUS_OBJECT_NAME_COLLISION;
@ -7022,7 +7090,7 @@ _FX NTSTATUS File_RenameFile(
}
}
if (info2->ReplaceIfExists) {
if (ReplaceIfExists) {
__sys_NtDeleteFile(&objattrs);
}
@ -7035,7 +7103,7 @@ issue_rename:
status = __sys_NtSetInformationFile(
SourceHandle, &IoStatusBlock,
info2, info2_len, FileRenameInformation);
info2, info2_len, LinkOp ? FileLinkInformation : FileRenameInformation);
if (status == STATUS_SHARING_VIOLATION && SourceHandle != FileHandle) {
@ -7050,7 +7118,7 @@ issue_rename:
status = __sys_NtSetInformationFile(
SourceHandle, &IoStatusBlock,
info2, info2_len, FileRenameInformation);
info2, info2_len, LinkOp ? FileLinkInformation : FileRenameInformation);
}
if (! NT_SUCCESS(status)) {

19
Sandboxie/core/dll/guimisc.c
View File

@ -171,6 +171,8 @@ static ULONG Gui_OpenClipboard_seq = -1;
static HANDLE Gui_DummyInputDesktopHandle = NULL;
static BOOLEAN Gui_BlockInterferenceControl = FALSE;
//---------------------------------------------------------------------------
// Gui_InitMisc
@ -181,6 +183,7 @@ _FX BOOLEAN Gui_InitMisc(HMODULE module)
{
if (! Gui_OpenAllWinClasses) {
Gui_BlockInterferenceControl = SbieApi_QueryConfBool(NULL, L"BlockInterferenceControl", FALSE);
SBIEDLL_HOOK_GUI(SetParent);
if (Gui_UseProxyService) {
@ -364,11 +367,11 @@ _FX HWND Gui_SetParent(HWND hWndChild, HWND hWndNewParent)
_FX BOOL Gui_ClipCursor(const RECT *lpRect)
{
if (SbieApi_QueryConfBool(NULL, "BlockInterferenceControl", FALSE) && lpRect)
{
if (Gui_BlockInterferenceControl && lpRect) {
SetLastError(ERROR_ACCESS_DENIED);
return FALSE;
}
if (!Gui_UseProxyService)
return __sys_ClipCursor(lpRect);
@ -528,11 +531,12 @@ _FX BOOL Gui_GetIconInfo(HICON hIcon, PICONINFO piconinfo)
_FX BOOL Gui_SetCursorPos(int x, int y)
{
if (SbieApi_QueryConfBool(NULL, "BlockInterferenceControl", FALSE)) {
if (Gui_BlockInterferenceControl)
return FALSE;
}
if (!Gui_UseProxyService)
return __sys_SetCursorPos(x, y);
GUI_SET_CURSOR_POS_REQ req;
GUI_SET_CURSOR_POS_RPL *rpl;
ULONG error;
@ -566,12 +570,13 @@ _FX BOOL Gui_SetForegroundWindow(HWND hWnd)
{
GUI_SET_FOREGROUND_WINDOW_REQ req;
void *rpl;
if (SbieApi_QueryConfBool(NULL, "BlockInterferenceControl", FALSE))
{
if (Gui_BlockInterferenceControl) {
SetLastError(ERROR_ACCESS_DENIED);
return FALSE;
}
if (__sys_IsWindow(hWnd) || (! hWnd)|| !Gui_UseProxyService) {
if (!Gui_UseProxyService || __sys_IsWindow(hWnd) || (! hWnd)) {
// window is in the same sandbox (or is NULL), no need for GUI Proxy
return __sys_SetForegroundWindow(hWnd);
}

1
Sandboxie/core/drv/api_defs.h
View File

@ -161,6 +161,7 @@ enum {
API_MONITOR_GET2,
API_PROTECT_ROOT,
API_UNPROTECT_ROOT,
API_KILL_PROCESS,
API_LAST
};

78
Sandboxie/core/drv/file_flt.c
View File

@ -64,7 +64,8 @@ static NTSTATUS File_CreateOperation(
static NTSTATUS File_RenameOperation(
PROCESS *proc,
FLT_IO_PARAMETER_BLOCK *Iopb);
FLT_IO_PARAMETER_BLOCK *Iopb,
BOOLEAN LinkOp);
static NTSTATUS File_QueryTeardown(
PCFLT_RELATED_OBJECTS FltObjects,
@ -357,9 +358,13 @@ _FX FLT_PREOP_CALLBACK_STATUS File_PreOperation(
} else if (Iopb->MajorFunction == IRP_MJ_SET_INFORMATION) {
// we allow IRP_MJ_SET_INFORMATION to pass except for these 3
if ((Iopb->Parameters.SetFileInformation.FileInformationClass != FileRenameInformation) &&
(Iopb->Parameters.SetFileInformation.FileInformationClass != FileRenameInformationEx) &&
(Iopb->Parameters.SetFileInformation.FileInformationClass != FileLinkInformation) &&
(Iopb->Parameters.SetFileInformation.FileInformationClass != FileLinkInformationEx) &&
(Iopb->Parameters.SetFileInformation.FileInformationClass != FileRenameInformationEx))
(Iopb->Parameters.SetFileInformation.FileInformationClass != FileHardLinkInformation) &&
(Iopb->Parameters.SetFileInformation.FileInformationClass != FileHardLinkFullIdInformation))
goto finish;
@ -573,11 +578,13 @@ check:
// Do not allow hard links outside the sandbox
if (Iopb->Parameters.SetFileInformation.FileInformationClass == FileLinkInformation
|| Iopb->Parameters.SetFileInformation.FileInformationClass == FileLinkInformationEx) {
/*
// FILE_LINK_INFORMATION* FileInfo = (FILE_LINK_INFORMATION*)Iopb->Parameters.SetFileInformation.InfoBuffer;
// For rename or link operations. If InfoBuffer->FileName contains a fully qualified file name, or if InfoBuffer->RootDirectory is non-NULL,
// this member is a file object pointer for the parent directory of the file that is the target of the operation. Otherwise it is NULL.
if (Iopb->Parameters.SetFileInformation.ParentOfTarget == NULL) {
//if (Iopb->Parameters.SetFileInformation.ParentOfTarget == NULL) {
FLT_FILE_NAME_INFORMATION *pTargetFileNameInfo = NULL;
@ -596,15 +603,20 @@ check:
if (pTargetFileNameInfo != NULL) {
FltReleaseFileNameInformation(pTargetFileNameInfo);
}
}
else if(!Box_IsBoxedPath(proc->box, file, &Iopb->Parameters.SetFileInformation.ParentOfTarget->FileName)) {
status = STATUS_ACCESS_DENIED;
}
}
else {
status = File_RenameOperation(proc, Iopb);
}
//}
//else if(!Box_IsBoxedPath(proc->box, file, &Iopb->Parameters.SetFileInformation.ParentOfTarget->FileName)) { // bug bug ParentOfTarget->FileName does not contain device path
// status = STATUS_ACCESS_DENIED;
//}
*/
status = File_RenameOperation(proc, Iopb, TRUE);
}
else if (Iopb->Parameters.SetFileInformation.FileInformationClass == FileRenameInformation
|| Iopb->Parameters.SetFileInformation.FileInformationClass == FileRenameInformationEx) {
status = File_RenameOperation(proc, Iopb, FALSE);
}
else
status = STATUS_ACCESS_DENIED;
}
else if (Iopb->MajorFunction == IRP_MJ_ACQUIRE_FOR_SECTION_SYNCHRONIZATION) {
@ -759,10 +771,10 @@ _FX NTSTATUS File_CreateOperation(
_FX NTSTATUS File_RenameOperation(
PROCESS *proc,
FLT_IO_PARAMETER_BLOCK *Iopb)
FLT_IO_PARAMETER_BLOCK *Iopb,
BOOLEAN LinkOp)
{
FLT_PARAMETERS *Parms;
FILE_RENAME_INFORMATION *info;
PFILE_OBJECT FileObject;
UNICODE_STRING FileName;
MY_CONTEXT MyContext;
@ -773,17 +785,41 @@ _FX NTSTATUS File_RenameOperation(
Parms = &Iopb->Parameters;
info = (FILE_RENAME_INFORMATION *)Parms->SetFileInformation.InfoBuffer;
#ifdef _M_ARM64
if (! MmIsAddressValid(info)) // todo: arm64 // fix-me: why does this happen?
if (! MmIsAddressValid(Parms->SetFileInformation.InfoBuffer)) // todo: arm64 // fix-me: why does this happen?
return STATUS_ACCESS_DENIED;
#endif
FileObject = Parms->SetFileInformation.ParentOfTarget;
if(LinkOp) {
if ((! FileObject) || (! info) || (! info->FileNameLength))
return STATUS_ACCESS_DENIED;
FILE_LINK_INFORMATION *infoL;
infoL = (FILE_LINK_INFORMATION *)Parms->SetFileInformation.InfoBuffer;
FileObject = Parms->SetFileInformation.ParentOfTarget;
if ((! FileObject) || (! infoL) || (! infoL->FileNameLength))
return STATUS_ACCESS_DENIED;
FileName.Length = (USHORT)infoL->FileNameLength;
FileName.MaximumLength = FileName.Length;
FileName.Buffer = infoL->FileName;
} else {
FILE_RENAME_INFORMATION *infoR;
infoR = (FILE_RENAME_INFORMATION *)Parms->SetFileInformation.InfoBuffer;
FileObject = Parms->SetFileInformation.ParentOfTarget;
if ((! FileObject) || (! infoR) || (! infoR->FileNameLength))
return STATUS_ACCESS_DENIED;
FileName.Length = (USHORT)infoR->FileNameLength;
FileName.MaximumLength = FileName.Length;
FileName.Buffer = infoR->FileName;
}
//
// if the target directory specifies just a filename (no leading slash)
@ -811,10 +847,6 @@ _FX NTSTATUS File_RenameOperation(
// call the generic parser function
//
FileName.Length = (USHORT)info->FileNameLength;
FileName.MaximumLength = FileName.Length;
FileName.Buffer = info->FileName;
memzero(&MyContext, sizeof(MyContext));
MyContext.HaveContext = TRUE;

1
Sandboxie/core/drv/process.c
View File

@ -214,6 +214,7 @@ _FX BOOLEAN Process_Init(void)
Api_SetFunction(API_QUERY_PROCESS_PATH, Process_Api_QueryProcessPath);
Api_SetFunction(API_QUERY_PATH_LIST, Process_Api_QueryPathList);
Api_SetFunction(API_ENUM_PROCESSES, Process_Api_Enum);
Api_SetFunction(API_KILL_PROCESS, Process_Api_Kill);
return TRUE;
}

2
Sandboxie/core/drv/process.h
View File

@ -522,6 +522,8 @@ NTSTATUS Process_Api_QueryPathList(PROCESS *proc, ULONG64 *parms);
NTSTATUS Process_Api_Enum(PROCESS *proc, ULONG64 *parms);
NTSTATUS Process_Api_Kill(PROCESS *proc, ULONG64 *parms);
//---------------------------------------------------------------------------
// Variables

59
Sandboxie/core/drv/process_api.c
View File

@ -1126,3 +1126,62 @@ _FX NTSTATUS Process_Api_Enum(PROCESS *proc, ULONG64 *parms)
return status;
}
//---------------------------------------------------------------------------
// Process_Api_Enum
//---------------------------------------------------------------------------
_FX NTSTATUS Process_Api_Kill(PROCESS *proc, ULONG64 *parms)
{
NTSTATUS status;
HANDLE user_pid_parm;
HANDLE handle = NULL;
PEPROCESS ProcessObject = NULL;
PROCESS *proc2;
//
// security check, only service is allowed this call
//
if (proc || (PsGetCurrentProcessId() != Api_ServiceProcessId))
return STATUS_NOT_IMPLEMENTED;
//
// first parameter is pid
//
user_pid_parm = (HANDLE)parms[1];
if (! user_pid_parm)
return STATUS_INVALID_CID;
//
// security check, target must be a sandboxed process
//
proc2 = Process_Find(user_pid_parm, NULL);
if (! proc2)
return STATUS_ACCESS_DENIED;
//
// open process, obtain handle and terminate
//
status = PsLookupProcessByProcessId(user_pid_parm, &ProcessObject);
if (NT_SUCCESS(status)) {
status = ObOpenObjectByPointer(ProcessObject, OBJ_KERNEL_HANDLE, NULL, PROCESS_TERMINATE, NULL, KernelMode, &handle);
ObDereferenceObject(ProcessObject);
if (NT_SUCCESS(status)) {
ZwTerminateProcess(handle, DBG_TERMINATE_PROCESS);
ZwClose(handle);
}
}
return status;
}

4
Sandboxie/core/svc/ProcessServer.cpp
View File

@ -139,6 +139,10 @@ BOOL ProcessServer::KillProcess(ULONG ProcessId)
LastError = GetLastError();
CloseHandle(hProcess);
}
if (!ok)
ok = NT_SUCCESS(SbieApi_Call(API_KILL_PROCESS, 1, ProcessId));
//WCHAR txt[512]; wsprintf(txt, L"Killing Process Id %d --> %d/%d\n", ProcessId, ok, LastError); OutputDebugString(txt);
return ok;
}

1
Sandboxie/install/Templates.ini
View File

@ -2038,6 +2038,7 @@ OpenIpcPath=*\BaseNamedObjects*\*aavmSync.evt
OpenIpcPath=*\BaseNamedObjects*\*avscr*.map
ClosedFilePath=*\snxhk.dll
ClosedFilePath=*\snxhk64.dll
ClosedFilePath=*\ashShell.dll
[Template_AVG_Anti_Virus]
Tmpl.Title=AVG Anti-Virus / LinkScanner

2
SandboxiePlus/SandMan/Forms/OptionsWindow.ui
View File

@ -805,7 +805,7 @@
<item row="11" column="1" colspan="2">
<widget class="QCheckBox" name="chkUserOperation">
<property name="text">
<string>Prevent interference with user control operations whatever</string>
<string>Prevent interference with user control operations (move mouse, bring in front, etc...)</string>
</property>
</widget>
</item>

6
SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
View File

@ -476,9 +476,9 @@ void COptionsWindow::SaveAdvanced()
WriteAdvancedCheck(ui.chkConfidential, "ConfidentialBox", "y", "");
WriteAdvancedCheck(ui.chkNotifyProtect, "NotifyBoxProtected", "y", "");
WriteAdvancedCheck(ui.chkProtectWindow, "IsProtectScreen", "y", "n");
WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n");
//WriteAdvancedCheck(ui.chkLockWhenClose, "LockWhenClose", "y", "n");
WriteAdvancedCheck(ui.chkProtectWindow, "IsProtectScreen", "y", "");
WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "");
//WriteAdvancedCheck(ui.chkLockWhenClose, "LockWhenClose", "y", "");
QStringList Users;
for (int i = 0; i < ui.lstUsers->count(); i++)

8
SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
View File

@ -426,10 +426,10 @@ void COptionsWindow::SaveGeneral()
if (ui.chkOpenCredentials->isEnabled())
WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", "");
WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", "");
//WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n");
WriteAdvancedCheck(ui.chkProtectPower, "BlockInterferePower", "y", "n");
WriteAdvancedCheck(ui.chkForceProtection, "ForceProtectionOnMount", "y", "n");
WriteAdvancedCheck(ui.chkUserOperation, "BlockInterferenceControl", "y", "n");
//WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "");
WriteAdvancedCheck(ui.chkProtectPower, "BlockInterferePower", "y", "");
WriteAdvancedCheck(ui.chkForceProtection, "ForceProtectionOnMount", "y", "");
WriteAdvancedCheck(ui.chkUserOperation, "BlockInterferenceControl", "y", "");
WriteAdvancedCheck(ui.chkVmReadNotify, "NotifyProcessAccessDenied", "y", "");
//WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n");
//WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", "");

18
SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
View File

@ -487,6 +487,8 @@ CSettingsWindow::CSettingsWindow(QWidget* parent)
m_CertChanged = false;
connect(ui.txtCertificate, SIGNAL(textChanged()), this, SLOT(CertChanged()));
connect(ui.txtSerial, SIGNAL(textChanged(const QString&)), this, SLOT(KeyChanged()));
ui.btnGetCert->setEnabled(false);
connect(theGUI, SIGNAL(CertUpdated()), this, SLOT(UpdateCert()));
ui.txtCertificate->setPlaceholderText(
@ -1293,13 +1295,20 @@ void CSettingsWindow::OnGetCert()
QString Serial = ui.txtSerial->text();
QString Message;
if (Serial.length() > 5 && Serial.at(4).toUpper() == 'U') {
if (Serial.length() < 4 || Serial.left(4).compare("SBIE", Qt::CaseInsensitive) != 0) {
Message = tr("This does not look like a Sandboxie-Plus Serial Number.<br />"
"If you have attempted to enter the UpdateKey or the Signature from a certificate, "
"that is not correct, please enter the entire certificate into the text area above instead.");
}
else if (Serial.length() > 5 && Serial.at(4).toUpper() == 'U') {
Message = tr("You are attempting to use a feature Upgrade-Key without having entered a pre-existing supporter certificate. "
"Please note that this type of key (<b>as it is clearly stated in bold on the website</b) requires you to have a pre-existing valid supporter certificate; it is useless without one."
"<br />If you want to use the advanced features, you need to obtain both a standard certificate and the feature upgrade key to unlock advanced functionality.");
}
if (Serial.length() > 5 && Serial.at(4).toUpper() == 'R') {
else if (Serial.length() > 5 && Serial.at(4).toUpper() == 'R') {
Message = tr("You are attempting to use a Renew-Key without having entered a pre-existing supporter certificate. "
"Please note that this type of key (<b>as it is clearly stated in bold on the website</b) requires you to have a pre-existing valid supporter certificate; it is useless without one.");
}
@ -2481,6 +2490,11 @@ void CSettingsWindow::CertChanged()
OnOptChanged();
}
void CSettingsWindow::KeyChanged()
{
ui.btnGetCert->setEnabled(ui.txtSerial->text().length() > 5);
}
void CSettingsWindow::LoadCertificate(QString CertPath)
{
if (theAPI && theAPI->IsConnected())

1
SandboxiePlus/SandMan/Windows/SettingsWindow.h
View File

@ -130,6 +130,7 @@ private slots:
void CertChanged();
void KeyChanged();
void UpdateCert();
void OnGetCert();
void OnCertData(const QByteArray& Certificate, const QVariantMap& Params);

888
SandboxiePlus/SandMan/sandman_de.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_en.ts
View File

File diff suppressed because it is too large Load Diff

930
SandboxiePlus/SandMan/sandman_es.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_fr.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_hu.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_it.ts
View File

File diff suppressed because it is too large Load Diff

883
SandboxiePlus/SandMan/sandman_ja.ts
View File

File diff suppressed because it is too large Load Diff

960
SandboxiePlus/SandMan/sandman_ko.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_nl.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_pl.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_pt_BR.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_pt_PT.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_ru.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_sv_SE.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_tr.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_uk.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_vi.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_zh_CN.ts
View File

File diff suppressed because it is too large Load Diff

885
SandboxiePlus/SandMan/sandman_zh_TW.ts
View File

File diff suppressed because it is too large Load Diff